- tor-project - lists.torproject.org

PieroV's Monthly Status Report, December 2022
by Pier Angelo Vendrame 04 Jan '23

04 Jan '23

Hi everyone! Here is my status report for December 2022. At the beginning of the month, we of the application team released Tor Browser 12.0 stable. So, in the first week, I worked on some last-minute changes (such as some migration code to remove old language packs [0]), and I helped to release the 12.0. Then, I started migrating the remaining torbutton code from its dedicated repository to tor-browser.git [1]. We plan to refactor all this code and to better integrate it with the rest of the patch set. And we started with the localization files: previously, we kept them in torbutton.git, and we ran a script to update them at each release. Now, we keep only English in tor-browser.git, and the rest of the files are injected during the build. As a result, nightly builds will always have the latest and most updated translations [2]. While doing these changes, we also cleaned unused strings [3] and migrated the localization files from Transifex to Weblate, and I helped emmapeel with this. Another task I worked on was improving the patch that makes Tor Browser portable. In particular, my previous refactor of this patch still deleted some code that could be helpful when the standalone mode was not enabled. Some users asked us to improve this patch long ago [4]. Then, I wrote a patch for our toolchain to make it able to build the WASI sandbox and include it in Tor Browser [5]. The patch is still under review, so it was not included in 12.5a1. Finally, I helped prepare and build the first alpha from the 12.5 series. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41435 [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41478 [2] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41375 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20497 [5] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…

1 0

Rhatto's Monthly Status Report, December 2022
by rhatto 04 Jan '23

04 Jan '23

Hi all :) This is my monthly status report for December 2022 with the main activities I have done during the period. ## 0. Planning Helped with team planning regarding upcoming Onion Service work. Part of this is already available at The Onion Plan: https://tpo.pages.torproject.net/onion-services/onionplan ## 1. Onion MkDocs Created Onion MkDocs, a template for Tor documentation: * https://rhatto.pages.torproject.net/onion-mkdocs * https://gitlab.torproject.org/rhatto/onion-mkdocs ## 2. EOTK Log Parser Improved scripts to fetch logs from S3 buckets at the EOTK Log Parser, a tool/library to parse anonymized NGINX access logs from EOTK instances: https://gitlab.torproject.org/tpo/onion-services/eotk-log-parser ## 3. Sponsor 123 I've also done the regular Sponsor 123 deployments, monitoring, maintenance and development. -- Silvio Rhatto pronouns he/him

1 0

Cecylia's monthly status report, December 2022
by Cecylia Bocovich 02 Jan '23

02 Jan '23

Hi everyone, This is my status report for contract work done in December 2022. # Conjure Development * debugged issues with domain front * tested out desktop and debugged android builds of the Tor Browser integration # Snowflake web extension * review and merge volunteer contributions Cecylia

1 0

Anti-censorship team meeting notes, 2022-12-22
by meskio 22 Dec '22

22 Dec '22

Hey everyone! Here is our meeting log: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-12-22-15.57.html And our meeting pad: Anti-censorship team meeting pad -------------------------------- Next meeting: Thursday, January 12 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 == Announcements == * No meetings December 29 neither January 5. We'll be AFK Dec 22 - Jan 7 == Discussion == * == Actions == * == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2022-11-24 Last week: - wrote a fix to make go fmt CI more verbose (snowflake!122) This week: - continue work on conjure client - more work on reputation-based bridge dist - fixup snowflake!108 Needs help with: dcf: 2022-12-14 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - make obfs4 distinguishability reports public - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 Help with: meskio: 2022-12-22 Last week: - poke outdated bridge operators (obfs4#40008) - fix onionsproutsbot bug with journald (onionsproutsbot#47) - Circumvention Settings recommends obfs4 bridges in Russia (rdsys-admin!11) - Investigate broken descriptors (bridgedb-admin#4) Next week/after holidays: - add localization support to rdsys (rdsys#11) - publish obfs4 deofuscation bugs Shelikhoo: 2022-12-08 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Discussion & Deployment] Rollout of Distributed Snowflake Support - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request] Update to support chunked upload of probe log(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurem… - [Merge Request] Add Resumable Upload to Log Collector (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) Next Week: - [Research] WebTunnel planning (Continue) Itchy Onion: 2022-12-15 Last week: - worked on RACE performance issue - [Merge Request Done] "Abbreviate `ice` list in bridge lines" - reviewed some MRs This week: - Work on the RACE performance issue - [Merge Request Done] Fix duplicate snowflake server flag - Work on adding Outbound address option to snwoflake server hackerncoder: 2022-12-22 last week: - getting ooni-exporter setup on a personal server - worked on ooni-exporter https://gitlab.torproject.org/hackerncoder/ooni-exporter Next week/after holiday: - figure out what makes ooni-exporter put all reports from a country in either success or failure - getting ooni-exporter to work with torsf (snowflake) - work on monitoring bridges health cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s still trying to figure that out Help with: - resources -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Re: [tor-project] Tor Browser Bundle on Guix
by Jim Newsome 19 Dec '22

19 Dec '22

Makes sense! I'm just dipping my toe into Guix and definitely not looking to take on maintainership of packages there at the moment. Was sharing the info primarily for other individuals running Guix who may want to run Tor Browser. Maybe the wiki, on or around this page would be a good place to document this sort of distro-specific workaround in the meantime? https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform… The list of runtime dependencies (e.g. libssl @ v1, libevent, ...) may be more generally useful for running on Linux, since I imagine someone on any distro could run into problems if they happen to not have those installed. What is the procedure for proposing/making edits to the the Tor Browser wiki, anyway? On 12/19/22 06:41, Richard Pospesel wrote: > So I think in general we (applications team) don't want to support every > possible distribution format out there/be smart about which ones we *do* > support in terms of maximizing reach/going where the users are. > > But that said there are a few downstream re-packagers (Tails, > torbrowser-launcher/ BSD, etc) that we don't want to break. If this is > something you (or someone else) wants to build+maintain, then we can add > you to the list of folks who get early notification of new browser > releases, potentially breaking changes, etc. I think we're also > generally in favor (within reason, case by case basis, etc) of taking > patches to the browser itself for things which make downstream packaging > easier or less complicated. > > best, > -Richard > > On 12/17/22 00:06, Jim Newsome wrote: >> Possibly of interest to browser and/or guix folks - >> >> I was experimenting with the [Guix System Distro] on my laptop, and >> managed to get Tor Browser Bundle running with a relatively new >> feature `--emulate-fhs`. Details below. I haven't messed with it too >> much yet, so I wouldn't be surprised if the runtime dependency list >> below is missing some, which may result in runtime errors. >> >> It'd be nice to get it packaged properly, but probably not high >> priority in terms of wide user reach. It's essentially an OS for >> people who think [NixOS] is too mainstream ;P >> >> Maybe I'll get around to poking at it sometime; they have other >> firefox variants in there (icecat), so that might be a reasonable >> starting point. >> >> [Guix System Distro]: https://guix.gnu.org/ >> [NixOS]: https://nixos.org/ >> >> -------- Forwarded Message -------- >> Subject: re: Drafting a Guix blog post on the FHS container >> Date: Fri, 16 Dec 2022 17:39:21 -0600 >> From: Jim Newsome <jim(a)sporksmith.net> >> To: john.kehayias(a)protonmail.com, help-guix(a)gnu.org, guix-devel(a)gnu.org >> >> Sorry for (presumably) breaking threading; I came across this online >> and don't see a way to set my in-reply-to-email header properly. >> >> Anyways just thought I'd mention that I recently learned about this >> feature, and was able to use it to get a downloaded [Tor Browser >> Bundle] running with: >> >> >> ``` >> guix shell \ >> --container \ >> --network \ >> --emulate-fhs \ >> --preserve='^DISPLAY$' >> --share=/run/user/$(id -u)/gdm \ >> openssl@1 \ >> libevent \ >> pciutils \ >> dbus-glib \ >> bash \ >> libgccjit \ >> libcxx \ >> gtk+ \ >> coreutils \ >> grep \ >> sed \ >> file \ >> alsa-lib \ >> -- \ >> ./start-tor-browser.desktop -v >> ``` >> >> `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to >> get access to the display. I'm not sure the second parameter is >> universally correct; I reverse-engineered it via roughly `ps aux | >> grep -- -auth`. >> >> The `-v` parameter to the browser script keeps it from trying to >> background itself, which otherwise causes the container and browser to >> terminate. >> >> It'd ultimately be nice to package the Tor Browser Bundle properly for >> guix, but it's nice to be able to use it this way in the meantime. >> >> -Jim >> >> [Tor Browser Bundle]: https://www.torproject.org/download/ >> _______________________________________________ >> tor-project mailing list >> tor-project(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project > > _______________________________________________ > tor-project mailing list > tor-project(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

2 1

Tor Browser Bundle on Guix
by Jim Newsome 19 Dec '22

19 Dec '22

Possibly of interest to browser and/or guix folks - I was experimenting with the [Guix System Distro] on my laptop, and managed to get Tor Browser Bundle running with a relatively new feature `--emulate-fhs`. Details below. I haven't messed with it too much yet, so I wouldn't be surprised if the runtime dependency list below is missing some, which may result in runtime errors. It'd be nice to get it packaged properly, but probably not high priority in terms of wide user reach. It's essentially an OS for people who think [NixOS] is too mainstream ;P Maybe I'll get around to poking at it sometime; they have other firefox variants in there (icecat), so that might be a reasonable starting point. [Guix System Distro]: https://guix.gnu.org/ [NixOS]: https://nixos.org/ -------- Forwarded Message -------- Subject: re: Drafting a Guix blog post on the FHS container Date: Fri, 16 Dec 2022 17:39:21 -0600 From: Jim Newsome <jim(a)sporksmith.net> To: john.kehayias(a)protonmail.com, help-guix(a)gnu.org, guix-devel(a)gnu.org Sorry for (presumably) breaking threading; I came across this online and don't see a way to set my in-reply-to-email header properly. Anyways just thought I'd mention that I recently learned about this feature, and was able to use it to get a downloaded [Tor Browser Bundle] running with: ``` guix shell \ --container \ --network \ --emulate-fhs \ --preserve='^DISPLAY$' --share=/run/user/$(id -u)/gdm \ openssl@1 \ libevent \ pciutils \ dbus-glib \ bash \ libgccjit \ libcxx \ gtk+ \ coreutils \ grep \ sed \ file \ alsa-lib \ -- \ ./start-tor-browser.desktop -v ``` `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get access to the display. I'm not sure the second parameter is universally correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`. The `-v` parameter to the browser script keeps it from trying to background itself, which otherwise causes the container and browser to terminate. It'd ultimately be nice to package the Tor Browser Bundle properly for guix, but it's nice to be able to use it this way in the meantime. -Jim [Tor Browser Bundle]: https://www.torproject.org/download/

2 1

disruption in email services
by Antoine Beaupré 15 Dec '22

15 Dec '22

Hi everyone, We've had reports of increasing delivery failure rates at other providers, particularly gmail, from multiple parties in the course of the last few weeks / months. It might be worth falling back to an alternative provider if you have access to one, for your @torproject.org email, otherwise you might miss some email. Inversely, if you have a hard requirement to reach @gmail.com people right now, you may want to use another provider or use a gmail account directly. We're working on emergency mitigations for this problem. I should come up with a proposal tomorrow and work should start next week. In the meantime, status.torproject.org has been updated. Feel free to circulate outside of this space, since many people here might not be able to read this message in the first place, of course. a. -- Antoine Beaupré torproject.org system administration

4 5

Tor user support team will be partly unavailable during the holidays (Dec 23 - Jan 4, 2023)
by gus 15 Dec '22

15 Dec '22

Hello, Tor User Support team will be partly unavailable between December 23, 2022, and January 4, 2023. If you reach out to us on our user support channels via email, Forum, Telegram, or Signal, our response may take a longer than usual. Please rest assured we will get back to your messages as soon as possible. Thank you! Gus Community Team Tor Project -- The Tor Project Community Team Lead

1 0

Tomorrow we hang out! Tor Localization Hangout from 12 UTC
by emma peel 15 Dec '22

15 Dec '22

Fellow translators! Tomorrow we hangout! The topics I propose are: - the move to weblate, how it is going, next steps - priorities to translate, new resources and strings - new African locales. Also: any other topics that you want to bring! Come over to hang out, on the #tor-l10n channel in OFTC. (you can also use Element https://element.io/ to connect: #tor-l10n:matrix.org) At 13 UTC we make a call on Big Blue Button: https://tor.meet.coop/emm-qmu-8o2-d2w If you are not a translator yet, you still have time to become one before the hangout. What do we do in a hangout? * Translate stuff * Share translation tips and resources * Complain about developers * Talk about translation priorities * Talk about our local contexts * Practice bug reporting and git skills More info: https://community.torproject.org/localization/hangouts/

1 0

Anti-censorship team meeting notes, 2022-12-15
by Itchy Onion 15 Dec '22

15 Dec '22

Hey everyone! Here is our meeting log: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-12-15-15.59.log… And our meeting pad: Anti-censorship team meeting pad-------------------------------- Next meeting: Thursday, Dec 15 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == - Our anti-censorship roadmap: - Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards - The anti-censorship team's wiki page: - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home - Past meeting notes can be found at: - https://lists.torproject.org/pipermail/tor-project/ - Tickets that need reviews: from sponsors, we are working on: - All needs review tickets: - https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… - Sponsor 28 - must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 - possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… - Sponsor 96 - https://gitlab.torproject.org/groups/tpo/-/milestones/24 == Announcements == - No meetings December 29 neither January 5. We'll be AFK Dec 22 - Jan 7 == Discussion == - Is snowflake blocked in russia? - it doesn't seem to have much usage there and the vantage point seems to indicate it doesn't work - we'll change circumvention settings to recommend first obfs4 bridges == Actions == - we should investigate if snowflake is blocked in russia (circumvention settings is recommending snowflake in russia, I wonder if we should change that) == Interesting links == == Reading group == - We will discuss "" on - - Questions to ask and goals to have: - What aspects of the paper are questionable? - Are there immediate actions we can take based on this work? - Are there long-term actions we can take based on this work? - Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - - Something you need help with. cecylia (cohosh): last updated 2022-11-24 - Last week: - - wrote a fix to make go fmt CI more verbose (snowflake!122) - This week: - - continue work on conjure client - - more work on reputation-based bridge dist - - fixup snowflake!108 - Needs help with: dcf: 2022-12-14 - Last week: - - made the number of KCP state machines a command-line option and merged it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - brought the snowflake bridge installation guide up to date with current settings https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… - - deployed current performance settings on snowflake-02 bridge - - changed srcaddr in extor-static-cookie to a transport option from a command-line option, like in snowflake-server https://gitlab.torproject.org/dcf/extor-static-cookie/-/commit/61e0684e40f8… - - had the IP addresses of snowflake-02 added to DDoS mitigation scripts https://github.com/steinex/tor-ddos/issues/2 https://github.com/Enkidu-6/tor-relay-lists/issues/2 - - opened an issue for a duplicate flag name in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - started an experiment to increase the size of the conntrack table on snowflake-01 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Next week: - - make obfs4 distinguishability reports public - - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… - - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 - - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 - Help with: meskio: 2022-12-15 Last week: - figure out why onionsproutsbot freezees in our server (onionsproutsbot#47) - add support for multiple shim-tokens for moat (rdsys#118) - remove unused DKIM header verification from BridgeDB (bridgedb!51) - catching up with outreachy duties Next week: - add localization support to rdsys (rdsys#11) - make onionsproutsbot work in systemd (onionsproutsbot#47) - poke outdated bridge operators (obfs4#40008) Shelikhoo: 2022-12-08 Last Week: - - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - - [Discussion & Deployment] Rollout of Distributed Snowflake Support - - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request] Update to support chunked upload of probe log(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurem… - [Merge Request] Add Resumable Upload to Log Collector (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) Next Week: - - [Research] WebTunnel planning (Continue) - Itchy Onion: 2022-12-15 Last week: - - worked on RACE performance issue - [Merge Request Done] "Abbreviate `ice` list in bridge lines" - reviewed some MRs This week: - - Work on the RACE performance issue - - [Merge Request Done] Fix duplicate snowflake server flag - - Work on adding Outbound address option to snwoflake server hackerncoder: 2022-12-15 last week/earlier this week: - worked on ooni-exporter https://gitlab.torproject.org/hackerncoder/ooni-exporter Next week/later this week: - getting ooni-exporter setup on a personal server - getting ooni-exporter to work with torsf (snowflake) - work on monitoring bridges health

1 0